lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jun 2018 08:07:37 -0500 From: "Gustavo A. R. Silva" <gustavo@...eddedor.com> To: Steve French <sfrench@...ba.org> Cc: linux-cifs@...r.kernel.org, samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org, "Gustavo A. R. Silva" <gustavo@...eddedor.com> Subject: [smb3] unreachable code and memory leaks Hi Steve, While doing some static analysis I came across the following piece of code at fs/cifs/smb2pdu.c:2017: 2017 if (n_iov > 2) { 2018 struct create_context *ccontext = 2019 (struct create_context *)iov[n_iov-1].iov_base; 2020 ccontext->Next = 2021 cpu_to_le32(iov[n_iov-1].iov_len); 2022 } The code above is unreachable because n_iov is initialized to 2 and, its value is never updated. I'm not sure how to fix this. Also, it seems there are multiple places in which memory allocated for *path* is leaking: 1946 else 1947 return -EIO; 1951 if (rc) 1952 return rc; 1987 if (rc) { 1988 cifs_small_buf_release(req); 1989 return rc; 1990 } and more... Thanks -- Gustavo
Powered by blists - more mailing lists